KubeSphere high-availability (HA) cluster setup

I. Setting up keepalived

Reference: https://blog.csdn.net/zxd1435513775/article/details/102508573

1. Install the service

yum install keepalived -y

2. The /etc/keepalived/keepalived.conf configuration file

! Configuration File for keepalived

global_defs {
   router_id master1
   vrrp_skip_check_adv_addr
   # vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   script_user root
   enable_script_security
}

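vrrp_script chk_haproxy {
         script "/opt/check.sh"  # location of the check script
         interval 2     # interval between check-script runs, in seconds (the script runs every 2 seconds)
         weight -30     # if the script fails, subtract 30 from the priority
}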

vrrp_instance VI_1 {
    state MASTER
    interface ens192
    virtual_router_id 51
    priority 100
    advert_int 1
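    unicast_src_ip 192.168.30.226  # IP of this host, where keepalived is deployed
    unicast_peer {
        # IPs of the other machines
       192.168.30.242
       192.168.30.247
    }
    # keepalived only honours nopreempt when the initial state is BACKUP
    nopreempt
    authentication {
        # PASS authentication is sent in clear text; replace 1111 with a site-specific value
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress {
        # Virtual IP: it must be requested from the network team. Do not pick one arbitrarily,
        # or the resulting IP conflict will affect whatever service already uses that address.
        192.168.30.245
    }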
}

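3. The /usr/local/src/nginx_check.sh script (the script line in keepalived.conf must point to wherever this file is saved)

#!/bin/bash
# Count the sockets bound to 0.0.0.0:8443 (the haproxy frontend)
count=$(netstat -apn | grep -cF '0.0.0.0:8443')
if [ "$count" -gt 0 ]; then
     exit 0                    # check passed
else
     exit 1                    # check failed
fi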
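
The configuration above combines script_user root with enable_script_security, and with those settings keepalived will not run a root script if any part of its path is writable by a non-root user. The following is an added example, not part of the original post: a conservative audit that requires the script and every parent directory to be root-owned with no group or other write bit. The function name and its two optional arguments (owner uid, top directory) are assumptions of this example; GNU stat and readlink are assumed.

```shell
#!/bin/sh
# Added example (not from the original post).
# usage: audit_script_path SCRIPT [OWNER_UID] [TOP_DIR]
#   OWNER_UID  uid that must own every path component (default 0 = root)
#   TOP_DIR    directory at which the upward walk stops (default /)
# Returns 0 = clean, 1 = unsafe owner or mode found, 2 = not an executable file.
audit_script_path() {
    p=$(readlink -f -- "$1") || return 2
    want_uid=${2:-0}
    top=$(readlink -f -- "${3:-/}") || return 2
    rc=0
    if [ ! -f "$p" ] || [ ! -x "$p" ]; then
        echo "not an executable regular file: $p" >&2
        return 2
    fi
    while :; do
        uid=$(stat -c '%u' -- "$p")
        mode=$(stat -c '%a' -- "$p")
        if [ "$uid" != "$want_uid" ]; then
            echo "owner uid $uid (want $want_uid): $p" >&2
            rc=1
        fi
        # 022 = group-write | other-write
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "writable by group/other (mode $mode): $p" >&2
            rc=1
        fi
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname -- "$p")
    done
    return $rc
}

# Direct use on a node: sh audit.sh /opt/check.sh
if [ "$#" -gt 0 ]; then audit_script_path "$@"; fi
```

Run it against the path given in the script line of keepalived.conf before starting the service, and fix any reported owner or mode first.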

4. Start

Start keepalived

systemctl start keepalived.service

5. View the startup log

journalctl -xe

6. View the keepalived log

tail -f /var/log/messages

7. Test

tcpdump -i any -nn vrrp

II. Setting up haproxy

1. Install the service

yum install haproxy -y

2. The /etc/haproxy/haproxy.cfg configuration file

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   <http://haproxy.1wt.eu/download/1.4/doc/configuration.txt>
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    log                     global
    option                  httplog
    option                  dontlognull
    timeout connect         5000
    timeout client          5000
    timeout server          5000

frontend kube-apiserver
    bind *:8443
    mode tcp
    option tcplog
    default_backend kube-apiserver

backend kube-apiserver
    mode tcp
    option tcplog
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server server1 192.168.30.226:6443 check
    server server2 192.168.30.242:6443 check
    server server3 192.168.30.247:6443 check

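3. Start

Start haproxy

systemctl start haproxy

4. The haproxy service listens on port 8443 [if it listens on port 6443, the service cannot start]

haproxy runs on the master nodes, where kube-apiserver already holds port 6443, so haproxy listens on 8443 instead; the KubeSphere and Kubernetes configuration then has to be changed to match.

4.1 Edit ~/.kube/config (vim ~/.kube/config)

Purpose of this file: ~/.kube/config is the configuration file of kubectl, the Kubernetes cluster client tool. It stores the connection information and authentication credentials for Kubernetes clusters.

(1) Cluster connection information: the file contains what is needed to connect to a Kubernetes cluster, such as the cluster's address, port and protocol.

(2) User authentication credentials: the file can hold the user's authentication credentials, such as a client certificate, client key, or user name and password.

(3) Context switching: the file can define several contexts, each corresponding to one combination of Kubernetes cluster and user, which makes it easy to switch between clusters.

(4) Namespace configuration: the file can define a default namespace, so that kubectl commands do not need the namespace specified every time.

By editing and managing ~/.kube/config, you can easily manage and connect to different Kubernetes clusters and perform authentication and authorization.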

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 data omitted>
    server: https://lb.kubesphere.local:8443    # changed
  name: cluster.local
contexts:
- context:
    cluster: cluster.local
    namespace: kubesphere-system
    user: kubernetes-admin
  name: kubernetes-admin@cluster.local
current-context: kubernetes-admin@cluster.local
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: <base64 data omitted>
    client-key-data: <base64 data omitted>

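4.2 Edit /etc/kubernetes/admin.conf (vim /etc/kubernetes/admin.conf)

Purpose of this file: /etc/kubernetes/admin.conf is the administrator configuration file of the Kubernetes cluster. It is mainly used by administrators to connect to and manage the cluster.

(1) Cluster connection information: the file contains what is needed to connect to a Kubernetes cluster, such as the cluster's address, port and protocol.

(2) Administrator authentication credentials: the file holds the administrator's authentication credentials, such as the client certificate and client key.

(3) Context switching: the file can define several contexts, each corresponding to one combination of Kubernetes cluster and user, so the administrator can switch between clusters.

(4) Cluster authorization information: the file contains the cluster's authorization information, such as authorization policies, roles and role bindings.

With /etc/kubernetes/admin.conf, an administrator can use a client tool such as kubectl to connect to the Kubernetes cluster and carry out cluster management, node management, resource scheduling and similar operations. This file normally exists only on the cluster's management nodes and is used for the cluster's initial configuration and management tasks.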

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 data omitted>
    server: https://lb.kubesphere.local:8443    # changed
  name: cluster.local
contexts:
- context:
    cluster: cluster.local
    user: kubernetes-admin
  name: kubernetes-admin@cluster.local
current-context: kubernetes-admin@cluster.local
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: <base64 data omitted>
    client-key-data: <base64 data omitted>

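4.3 Edit /etc/kubernetes/kubeadm-config.yaml

Purpose of this file: /etc/kubernetes/kubeadm-config.yaml is the configuration file of kubeadm, the Kubernetes cluster initialization tool. It defines the initialization parameters and configuration options of the cluster.

(1) Initialization parameters: the file can set the cluster's initialization parameters, such as the network plugin, the Pod network address range, the service subnet and the DNS configuration.

(2) Node components: the file can define the configuration of node components, such as kubelet options, container runtime configuration and container image registry configuration.

(3) Control plane configuration: the file can set the configuration of control plane components, such as the API Server listen address, authorization and authentication configuration, and options for the scheduler and controller manager.

(4) Advanced options: the file also provides some advanced options, such as etcd configuration and certificate management options.

By editing and managing /etc/kubernetes/kubeadm-config.yaml, you can customize the initialization settings of the Kubernetes cluster to suit specific requirements and environments. When kubeadm initializes a cluster, it performs the initialization according to the contents of this file. Note that this file is normally used when initializing a new cluster; a cluster that is already running normally does not need it modified directly.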

---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
etcd:
  external:
    endpoints:
    - https://192.168.30.226:2379
    caFile: /etc/ssl/etcd/ssl/ca.pem
    certFile: /etc/ssl/etcd/ssl/node-master1.pem
    keyFile: /etc/ssl/etcd/ssl/node-master1-key.pem
dns:
  type: CoreDNS
  imageRepository: registry.cn-beijing.aliyuncs.com/kubesphereio
  imageTag: 1.8.0
imageRepository: registry.cn-beijing.aliyuncs.com/kubesphereio
kubernetesVersion: v1.21.13
certificatesDir: /etc/kubernetes/pki
clusterName: cluster.local
controlPlaneEndpoint: lb.kubesphere.local:8443    # changed
networking:
  dnsDomain: cluster.local
  podSubnet: 10.233.64.0/18
  serviceSubnet: 10.233.0.0/18
apiServer:
  extraArgs:
    audit-log-maxage: "30"
    audit-log-maxbackup: "10"
    audit-log-maxsize: "100"
    bind-address: 0.0.0.0
    feature-gates: RotateKubeletServerCertificate=true,TTLAfterFinished=true,ExpandCSIVolumes=true,CSIStorageCapacity=true
  certSANs:
    - kubernetes
    - kubernetes.default
    - kubernetes.default.svc
    - kubernetes.default.svc.cluster.local
......

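4.4 Edit /etc/kubernetes/kubelet.conf (vim /etc/kubernetes/kubelet.conf)

Purpose of this file: /etc/kubernetes/kubelet.conf is the configuration file of the kubelet service on a Kubernetes node. It defines the kubelet's runtime parameters and the authentication credentials it uses to connect to the cluster.

(1) Kubernetes cluster connection: the file contains what is needed to connect to the Kubernetes cluster, such as the API Server address, port and certificate. The kubelet uses this information to communicate with the cluster's control plane.

(2) Authentication credentials: the file holds the credentials used for authentication, such as the certificate and private key. The kubelet uses them to prove its identity and communicate securely with the cluster.

(3) Cluster authorization information: the file may contain the kubelet's cluster-level authorization configuration, such as RBAC rules and role bindings.

By modifying /etc/kubernetes/kubelet.conf, you can adjust the configuration of the kubelet service, including its cluster connection settings and authentication credentials. Note that the kubelet service must be restarted after the file is modified for the change to take effect. Modify this file with care, so that the kubelet connects to the correct Kubernetes cluster and authenticates successfully.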

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 data omitted>
    server: https://lb.kubesphere.local:8443  # changed
  name: cluster.local
contexts:
- context:
    cluster: cluster.local
    user: system:node:master1
  name: system:node:master1@cluster.local
current-context: system:node:master1@cluster.local
kind: Config
preferences: {}
users:
- name: system:node:master1
  user:
    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem
    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem
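
After the edits in 4.1 to 4.4, every one of these files should name the load-balanced endpoint. The following is an added example, not part of the original post: it extracts each server: or controlPlaneEndpoint: value and compares it with lb.kubesphere.local:8443, and it also flags any file that embeds client-key-data while being readable by group or other. The function names, the LB_HOSTPORT variable and the 0600 policy are assumptions of this example; GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post).
LB_HOSTPORT=${LB_HOSTPORT:-lb.kubesphere.local:8443}   # endpoint used on this page

# Print every API endpoint (host:port) configured in FILE, one per line.
endpoints_in() {
    sed -n -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
        -e 's|^[[:space:]]*server:[[:space:]]*https://\(.*\)$|\1|p' \
        -e 's|^[[:space:]]*controlPlaneEndpoint:[[:space:]]*\(.*\)$|\1|p' "$1"
}

# check_file FILE -> 0 ok, 1 wrong or missing endpoint, 2 key file too permissive
check_file() {
    f=$1
    eps=$(endpoints_in "$f")
    if [ -z "$eps" ]; then
        echo "FAIL $f: no endpoint found" >&2
        return 1
    fi
    for ep in $eps; do
        if [ "$ep" != "$LB_HOSTPORT" ]; then
            echo "FAIL $f: endpoint $ep, expected $LB_HOSTPORT" >&2
            return 1
        fi
    done
    # Policy of this example: a file that embeds a client key must be 0600 or stricter.
    if grep -q '^[[:space:]]*client-key-data:' "$f"; then
        mode=$(stat -c '%a' -- "$f")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL $f: embeds a client key but has mode $mode" >&2
            return 2
        fi
    fi
    echo "OK   $f"
}

# The four files edited in 4.1-4.4; run as root on each control-plane node.
check_all() {
    rc=0
    for f in "$HOME/.kube/config" /etc/kubernetes/admin.conf \
             /etc/kubernetes/kubeadm-config.yaml /etc/kubernetes/kubelet.conf; do
        check_file "$f" || rc=1
    done
    return $rc
}

if [ "${1:-}" = "--all" ]; then check_all; fi
```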

III. Adding and removing KubeSphere nodes

1. Add a node

Reference: https://www.kubesphere.io/zh/docs/v3.3/installing-on-linux/cluster-operation/add-new-nodes/

2. Retrieve the configuration file of the current cluster

./kk create config --from-cluster

3. Edit sample.yaml

4. Add the node

./kk add nodes -f sample.yaml

5. Remove a worker node

./kk create config --from-cluster
./kk delete node node3 -f config-sample.yaml

6. Remove a master node

kubectl get nodes

kubectl drain master1 --ignore-daemonsets

kubectl get nodes

kubectl delete node master1

7. Handling failures

Suppose master3 has failed and [http://192.168.30.245:30880/](http://192.168.30.245:30880/clusters/default/nodes) cannot be reached.
step1: Log in to any node
step2: Evict the failed master3 node
step3: Run kubectl delete node master3 to delete the master3 node
step4: Access to [http://192.168.30.245:30880/](http://192.168.30.245:30880/clusters/default/nodes) is back to normal
Notes:
(1) Once master3 has been repaired, add it back using the add-node procedure.
(2) When a worker node is removed from a KubeSphere cluster, the Pods running on it are automatically migrated to other available worker nodes according to configuration and scheduling policy.
posted @ 2023-10-31 15:03  liubingPersonalBlog